ZAIUX® Evo: Why use it and who needs it?

September 2023

In the last few years, digitalization has become more widespread, and an increasing number of companies rely on computer technology to provide their services.

In the same way, and in parallel, the complexity of the IT infrastructure has increased and the need to make it more and more secure has become a new primary focus.

Today things are changing, or rather they have already changed, thanks to the evidence provided by the ongoing cases of real attacks that relentlessly affect the IT infrastructure around the world, regardless of their size or business sector.

For these reasons, new opportunities have recently been emerging on the IT market in cybersecurity, a field traditionally aimed almost exclusively at defensive solutions.

For its part, PIKERED bases its expertise on cybersecurity services aimed at offensive activities of attack simulation on infrastructure, both in manual mode, entrusted to its internal Red Team, and in automatic mode, performed by its proprietary software solutions, such as those of the ZAIUX® suite.

In particular, ZAIUX® Evo is a Full Cloud solution which, thanks to AI, automates Command and Control (C2) attack activities, generating reports without false positives and including a Remediation Plan and much more.

This tool has been designed to simulate, in a totally automated way, an advanced cyber-attack within an IT infrastructure based on MS Active Directory, to test the real effectiveness of the defensive systems implemented in it, including the response capacity of the Security Operation Centre (SOC) or any other element for the defence of the network.

Who are the main actors that can benefit from the services provided by ZAIUX® Evo?

Below are the main categories of potential users of ZAIUX® Evo:

  • MSPs
  • MSSPs specializing in cybersecurity
  • System & Service Integrators
  • Red Teams
  • Large and medium-sized enterprises

The use scenarios for each of these categories are described below.

MSP

First of all, it is necessary to define the concept of MSP, which stands for Managed Service Provider. An MSP is usually a company that delivers IT services in a managed and proactive mode, as opposed to the old “Break/Fix” logic that has characterized the operating mode of the System Integrator market for years.

A typical MSP often has no in-house skills dedicated to cybersecurity, especially on the offensive side. In this scenario, the MSP can find in ZAIUX® Evo the right ally to offer value services and generate new business opportunities by running it on its customers’ networks, in order to check the health of their defensive posture and then offer further advice on applying the remediation plans suggested by ZAIUX® Evo. Here the MSP purchases the ZAIUX® Evo licenses, naming them, and resells the consulting service derived from using this solution on the target networks, without selling the license to the end customer.

MSSP specializing in Cybersecurity

An MSSP (Managed Security Service Provider) is usually a company that resembles an MSP from an organizational perspective, but whose core business is cybersecurity. MSSPs normally perform proactive activities in order to deliver event monitoring services, which are typical, for instance, of a SOC (Security Operation Centre), but they also test the posture of defences through attack simulation activities, sometimes entrusted to ethical hackers or semi-automated software solutions.

In these cases, MSSPs could adopt ZAIUX® Evo for two aims, namely:

  • Use it, even regularly, to screen the network.
  • Simulate a Breach & Attack to check the reaction time of those doing the monitoring.

System & Service Integrators

A System Integrator is a consultant or company that deals with the integration of systems to optimize the coexistence of different elements within a complex IT network. Clients of System Integrators usually require a wide range of services and also look to them for cyber skills, which they sometimes do not have in their own companies.

In this case ZAIUX® Evo could help them, since its deployment within the target network does not require any expertise in the typical areas of offensive cybersecurity. In this way they would be able to perform a BAS (Breach & Attack Simulation) on their own, without resorting to expensive external consultancy. This would enable them to offer a value-added service to their clients, standing out in the market as cyber innovation providers.

Red Teams

Typically, companies offering Red Team services are composed of teams of ethical hackers, who rely almost exclusively on manual offensive techniques and favour artisan approaches aimed at bypassing the defensive solutions in the target network. One might think that these actors would be the most sceptical about giving positive feedback on the use of ZAIUX® Evo, because of its totally automated nature, which they cannot control. Instead, in many cases, some Red Teams have found it very useful to use ZAIUX® Evo as an initial step during a manual Internal Penetration Test activity. They then use the report produced by ZAIUX® Evo as a starting point from which they carry out further analysis and attack activities, gaining advantages in terms of execution time.

Large and medium-sized companies

All organizations that have an internal department dedicated to cybersecurity (typically not SMBs) find it useful to use ZAIUX® Evo regularly within their network, even without relying on an external MSSP. In the typical scenario, the company runs multiple tests throughout the year, even monthly, to frequently check the security status of its network. In this case, the ZAIUX® Evo license would be sold directly to the end company, which uses the solution internally.

Conclusions

None of the above scenarios can be described as unique; quite the opposite. It is increasingly common to receive feedback from our partners regarding the most diverse and imaginative application models that are useful in securing IT organizations.

Therefore, the category does not matter. What’s important is to adopt a regular cybersecurity policy that does not only include the addition of defensive products and/or services, but also includes a process of verifying their quality through ethical offensive actions, whether automatic or not, that can serve to better tune the defensive posture.

Join the automated BAS revolution!